lirantal
commented
1 year ago Thanks for citing this, Thomas. I'm flattered and happy to join any further research on this when and if you plan to expand on it.
Open thomas-chauchefoin-sonarsource opened 1 year ago
lirantal
commented
1 year ago Thanks for citing this, Thomas. I'm flattered and happy to join any further research on this when and if you plan to expand on it.
Based on Liran Tal's research on
kucherenko/blamer. We already know this vector, but we don't document the scenario where positional arguments are also passed to the Git command, making it write something under the attacker's control in the file pointed by--output.Advisory in https://gist.github.com/lirantal/14c3686370a86461f555d3f0703e02f9.